If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

nCircle VERT Challenge #1

Over on our company blog we've launched a sort of challenge series... I've written up and posted the first one... I'm also the one accepting submissions.

The concept, rules and prizes (Yep, we're giving away nCircle swag) are all listed on the page, however I'll reiterate them here.

Contest:
# Locate the WinNY application Online (Both Versions 1 and 2)
# Determine how to perform proper WinNY detection. (remotely -- via the listening TCP port)
# What you need to provide in order to win:
* Any encryption, authentication or hashing used for communication.
* A breakdown of the information provided by WinNY when you connect to it.
* The unencrypted strings that distinquish between WinNY 1 and WinNY 2.
* Bonus Points for providing a script or source code to perform the detection.

Rules:
# Submission of materials already available online will NOT be accepted.
# Submissions will be accepted in the order they are received but complete submissions will receive consideration before partial submissions.
# The contest will close at 12:00PM (Noon) EST on Friday, March 16th 2007.
# You are free to submit a partial submission and then submit additional data, however you can only resubmit once.

I invite everyone to take a stab at it and experience something that we do on a daily basis... Should this go over well, we'll be having more contests (covering a broad range of things) and more prizes.

Good Luck to everyone who competes.

Peace,
HT

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

maybe if there was a decent cash prize i'm sure there would be more takers.

i've got waaaay to much happening now, but i have been spending a little time here and there taking a few notes so to speak in my limited spare time..

and what the heck is the picture meant to be. It looks like one of those toys you get from those candy machines

acidtone..

Why is it that people go to sites like HTS and so forth and compete in those... but as soon as a prize is offered, the prize isn't good enough and should be money instead... They are mini remote control cars, branded with the nCircle logo...

I don't know about most places but here they average in the store for around 20-30 (without the branding)... I've got two that I've bought over the years and we've got a couple of the nCircle ones at the office... I can tell you the nCircle ones are quite a bit faster...

I thought I'd mention this as well for people who are reading this... Competing in the challenge and showing you have the problem solving skills for something like this is an individual accomplishment.... For me.. I gain nothing whether or not you compete... I've already done this work months ago and thought it might interest others... It does help others though... especially since the majority of members here are supposed to be interested in security...

Let's pick a security vendor.... nCircle, Qualys, Tenable(Nessus), IBM ISS, Foundstone, eEye... I'm sure everyone recognizes at least one of those names... they are competing products in the same space... Let's say you see a job posting on one of their websites (a student, or someone looking for a new job)... Now on your resume and when you're being interviewed you can mention remote application detection... your name can be found on the net in regards to the challenge...That's part of our reason for doing it... To provide a way for those interested in the space to learn and grow with realistic goals and processes.

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".